Security of Mobile Agent-Based Web Applications

Mobile agents are considered to be an alternative to client-server systems. Security issues are discussed for generic agent-based systems, i.e. systems in which intelligent agents migrate to agent platforms. Public key infrastructure (PKI) is a major cryptographic system deployed for agent-based systems. Cryptographic techniques such as digital signatures, hash functions, proxy certificates and attribute certificates are utilized for protecting both intelligent agents and agent platforms. Countermeasures for agent protection and agent platform protection are given, which are based on information security mechanisms such as authentication, authorization, access control and confidentiality. Other major security concerns, such as identity binding and delegation between an intelligent agent and its host, are discussed with solutions based on proxy certificates and attribute certificates.
